Since last night MSE has been identifying the Trojan:JS/Medfos.B every couple of minutes and quarantines the action.
However, after running a bunch of scans, none of my anti-virus software (MSE, Malwarebytes or AdwCleaner) can detect it. I understand it is a nasty virus that changes itself so detection is difficult.

So far my system appears to be running OK - no hijacks or slowdowns...but I want to get rid of this nasty one.

BTW - I have a 2TB USB backup that runs nightly. I did not run a backup last night. However without knowing if the virus has a delay feature, I'm not sure whether or not the virus got into the backups. The backup drive is unplugged for now.
Is it safe to assume that since a backup is a one way process - I can do a fresh backup once we clean my computer and then delete the old backups?

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.

Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.

Remember to re-enable the protection again after ComboFix has finished.

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double-click on the renamed combofix.exe & follow the prompts.

If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed ComboFix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.

*EXTRA NOTES*

If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.

If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.

If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

However, I got two popups after it was run indicating two files were not found.
C:\Users\Owner\AppData\Roaming\dmscsh.dll
C:\Users\Owner\AppData\Roaming\mdlwmt.dll

Not sure if Combo deleted them just now or MSE during a full scan last night.
MSE found them and asked they be sent for further analysis - which I did before running ComboFix.
I assume they got deleted by one or both programs.
I assume I can repair from my Win7 disk in the future after we are done.

I don't appear to have any redirects or slowdowns or MSE alerts but I am getting the missing file(s) popups at reboot.
C:\Users\Owner\AppData\Roaming\dmscsh.dll
C:\Users\Owner\AppData\Roaming\mdlwmt.dll
See attached:
dmscsh.dll.jpg
mdlwmt.dll.jpg

In addition, MSE found a quarantined file that it asked to be sent, which I did.
See attached:
dmscsh.dll.vir.jpg

Mark
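A "file not found" popup at every logon is very often an autostart entry that still points at a file the cleanup removed; the Run/RunOnce values are the usual place. The script below is an added example written for this thread, not part of the thread, ComboFix, OTS or MSE. It assumes that cause and only reports which autostart values reference a missing target, so the leftover entry can be identified and removed by whoever is guiding the cleanup; it deletes nothing itself.

```powershell
# Added example (not from the thread or from any of the tools it uses).
# Assumption: the "file not found" popups at reboot come from a Run/RunOnce value that still
# references a DLL or EXE that the cleanup removed. Read-only: it lists, it does not delete.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Work out which file a command line actually loads. Three shapes are handled:
#   rundll32.exe "C:\...\name.dll",Entry     (a DLL loaded through rundll32; the DLL is the target)
#   "C:\path with spaces\x.exe" /args        (quoted executable)
#   C:\Program Files\x\y.exe /args           (unquoted path that itself contains spaces)
function Get-AutostartTarget {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()

    # rundll32 first: the interesting file is its argument, not rundll32.exe itself.
    if ($cmd -match '(?i)^"?[^"\s]*rundll32(?:\.exe)?"?\s+"?([^",]+)') {
        return $Matches[1].Trim()
    }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }

    # Unquoted: grow the candidate one space-separated token at a time until it exists
    # on disk; that separates "C:\Program Files\x\y.exe" from its "/args".
    $tokens = $cmd -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    # Nothing on disk matched: report the leading .exe/.dll token, else the first token.
    if ($cmd -match '(?i)^(\S+\.(?:exe|dll))') { return $Matches[1] }
    return $tokens[0]
}

function Get-OrphanedAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($command)) { continue }
            $target = Get-AutostartTarget $command
            if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
                [PSCustomObject]@{
                    Key           = $key
                    ValueName     = $name
                    Command       = $command
                    MissingTarget = $target
                }
            }
        }
    }
}

Get-OrphanedAutostart | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. An entry whose MissingTarget is a randomly named DLL under the user's AppData\Roaming folder, like the two paths in the popups above, is the kind of leftover worth sending back to the helper; entries pointing at legitimate software that was merely uninstalled will show up too, so the list is a starting point for review, not a deletion list.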

Attachment Blocked

Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.

Hmmm that was weird. I got a timeout when uploading the reply.
Since it doesn't look right, I'll attach the OTS log.

Mark


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer, and whether this fixed it.

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02142013_181422
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
Registry entries deleted on Reboot...

It should be all OK now.
Yes, it would be sensible to delete the old backups & create new ones now that it is clean.

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop.
Please double-click OTS.exe to run it.

Press Clean-up & it will delete/uninstall all the tools we have used to fix your problems and all their backup folders, and then delete itself when you next reboot.
Then reboot.

And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
